Arm

Mbed Tls

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.12%
  • Veröffentlicht 31.01.2024 08:15:42
  • Zuletzt bearbeitet 05.06.2026 19:38:32

Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

  • EPSS 0.31%
  • Veröffentlicht 31.01.2024 08:15:42
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to se...

Exploit
  • EPSS 0.47%
  • Veröffentlicht 21.01.2024 23:15:44
  • Zuletzt bearbeitet 30.05.2025 15:15:27

An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.

  • EPSS 0.78%
  • Veröffentlicht 07.10.2023 01:15:10
  • Zuletzt bearbeitet 05.06.2026 19:38:32

Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.

  • EPSS 0.16%
  • Veröffentlicht 17.01.2023 21:15:10
  • Zuletzt bearbeitet 05.06.2026 19:38:32

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (...

  • EPSS 1.15%
  • Veröffentlicht 15.12.2022 23:15:10
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_...

  • EPSS 0.79%
  • Veröffentlicht 15.12.2022 23:15:10
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key ...

Exploit
  • EPSS 1.83%
  • Veröffentlicht 15.07.2022 14:15:09
  • Zuletzt bearbeitet 05.06.2026 19:38:32

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This ca...

Exploit
  • EPSS 2.21%
  • Veröffentlicht 24.03.2022 18:15:08
  • Zuletzt bearbeitet 02.12.2025 21:15:49

A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.

  • EPSS 0.92%
  • Veröffentlicht 21.12.2021 07:15:06
  • Zuletzt bearbeitet 21.11.2024 06:32:14

In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.